Remove typmod checking from the recent security-related patches. It turns

out that ExecEvalVar and friends don't necessarily have access to a tuple
descriptor with correct typmod: it definitely can contain -1, and possibly
might contain other values that are different from the Var's value.
Arguably this should be cleaned up someday, but it's not a simple change,
and in any case typmod discrepancies don't pose a security hazard.
Per reports from numerous people :-(

I'm not entirely sure whether the failure can occur in 8.0 --- the simple
test cases reported so far don't trigger it there.  But back-patch the
change all the way anyway.

1 files changed, 2 insertions, 5 deletions

diff --git a/src/backend/executor/execUtils.c b/src/backend/executor/execUtils.c
index a2d3543ced0..e7e8a4d1101 100644
--- a/src/backend/executor/execUtils.c
+++ b/src/backend/executor/execUtils.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/executor/execUtils.c,v 1.126.2.4 2007/02/02 00:07:44 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/executor/execUtils.c,v 1.126.2.5 2007/02/06 17:35:34 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -537,10 +537,7 @@ ExecBuildProjectionInfo(List *targetList,
 			break;
 		}
 		attr = inputDesc->attrs[variable->varattno - 1];
-		if (attr->attisdropped ||
-			variable->vartype != attr->atttypid ||
-			(variable->vartypmod != attr->atttypmod &&
-			 variable->vartypmod != -1))
+		if (attr->attisdropped || variable->vartype != attr->atttypid)
 		{
 			isVarList = false;
 			break;